1

We have a spring-websocket application that works fine when we use Tomcat 8.0. However, when we upgraded our Tomcat to 8.5 it stopped working. When looking at the networks trace from the F5 it appears the F5 receive the handshake response (101) from the server but the response is never forwarded to the client. Because of that the connection is never established.

We reverted temporarily to Tomcat 8.0 and it worked and when putting back Tomcat 8.5 it stopped working again.

If we disable the ASM policy on the F5 it works fine too. However we can't have that as a solution and we can't revert to Tomcat 8.0 too.

When looking at the ASM we didn't see anything being blocked by the ASM.

Of course, if we simply call the desired server instance, and not go through the F5 it works fine.

Our F5 is version 12. Upgrading it isn't really a possible solution either unless we really have no other choice.

We use spring-websocket version 4.3.18.RELEASE. However, when writing another dummy websocket server for testing I used the current Spring versions and nothing changed.

Our application is Java 8.

Does anyone have any idea what is happening?

Thanks in advance! :)

Coudons
  • 11
  • 1
  • are you checking response traffic in ASM or just requests? You could activate for responses in alert mode to see what's triggering if anything. Another way you can check that without altering ASM is to take packet capture with the f5 flags and if there is a tcp reset occurring from F5 -> Server the reason should be in the trace file. – Jason Rahm Jul 07 '20 at 03:25
  • Hi Jason! I am not really used to ASM. I will check with our team. Thanks :) – Coudons Jul 07 '20 at 11:37
  • Hi Jason! Apparently everything should have been logged correctly, but nothing came out wrong in the ASM. Lately we did some test and managed to make it work with Tomcat 8.0 in our pre-prod environment. However, when redoing tests on test environment, the Tomcat version didn't do any change. – Coudons Jul 09 '20 at 01:09

1 Answers1

0

The problem was related to the fact that Tomcat 8.5 doesn't return the reason phrase dans our F5 version needs it for some reason. By modifying Tomcat connector to add sendReasonPhrase="true" it fixed the problem.

Coudons
  • 11
  • 1